metasploit | JaffaCakes118_bb94ec9d8db5ca1b06f48b20f996bfba | Triage

Sharing

General

Target

JaffaCakes118_bb94ec9d8db5ca1b06f48b20f996bfba
Size

15KB
MD5

bb94ec9d8db5ca1b06f48b20f996bfba
SHA1

dba01fd895aba252a9415249053047f37369dcff
SHA256

d60034b87eaae97298435f653a27a2ff8a8800ab9cda72e76d44bb2a29729400
SHA512

07a1729261b9828d9810f383ecf396493d3eb9e4222ef269eb8e97588bc60f5a2ac603e9dd3a36426931ff0bf29022f4a8705bc367b4cab5733da249f450ea26
SSDEEP

192:M42aJ6bN1ZqMnq7F3Ymyiw+M8zlDX8YQoeyFozC4x:MU6bYLxYniw+M8zlDMY/JaWG

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_bb94ec9d8db5ca1b06f48b20f996bfba

Files

JaffaCakes118_bb94ec9d8db5ca1b06f48b20f996bfba
.exe windows:4 windows x86 arch:x86

e5d57ba56be42f1e64ad543417e133bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
malloc
memset
signal

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE